Richard Sharpe [Mon, 14 Nov 2011 15:47:38 +0000 (07:47 -0800)]
Improve configure.in so it can be used outside the Samba source tree.
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Thu Nov 17 07:00:38 CET 2011 on sn-devel-104
(cherry picked from commit f50aa988c201c2fe78e467f1a419bedc741e1d31)
Fix bug #8607 (The configure.in in examples/VFS does not easily allow building
modules outside the Samba source tree).
(cherry picked from commit 7db7ea684a17b70ecae31c70c1b2e647ea0fafa1)
If you join samba with idmap_ad backend to an AD. When you try to
enumerate users with 'getent passwd' and the user doesn't have a uid
set, then getent is aborted cause of NT_STATUS_NONE_MAPPED. If we can't
map a user we should not stop but continue enumerating users.
This normally happens with the default user 'krbtgt' with idmap_ad but
could also happen with other backends.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 9 10:13:32 CET 2011 on sn-devel-104
(cherry picked from commit 4b31c4273c45faa639445614061f3da548eb8505)
s3:libsmb: fix cli_write_and_x() against OS/2 print shares (bug #5326)
Print shares doesn't support CAP_LARGE_WRITEX, while it's negotiated
by the file server part.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 8 17:01:36 CET 2011 on sn-devel-104
(cherry picked from commit 95595dd93fd04999fcf56ecaab7c29b064d021f8)
Jeremy Allison [Sat, 22 Oct 2011 01:35:15 +0000 (18:35 -0700)]
Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
Missed passing ucf_flags instead of hard coded flags in findfirst call.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
(cherry picked from commit f4593181876f7a9ef55ceee8d1a20369197a63ba)
Jeremy Allison [Mon, 25 Jul 2011 23:12:45 +0000 (16:12 -0700)]
Use existing ISDOT and ISDOTDOT macros.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104
(cherry picked from commit d82256ca119eb8315cc69ba725ba71c386caa901)
Björn Jacke [Thu, 20 Oct 2011 19:39:38 +0000 (21:39 +0200)]
s3:Makefile: make DSO_EXPORTS_CMD more portable (#8531)
It sems like every not completely trivial sed expression should be tested with
Solaris' sed. Its regexp engine is way more limited than the one of GNU
sed. Thanks to Michael Pelletier for finding this! This fixes bug #8531
Fix bug #8515 - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client)
Disallow "." in can_set_delete_on_close().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 21:07:27 CEST 2011 on sn-devel-104
(cherry picked from commit bd260f03ab492d03c2890db47dc6fb4f1b824a1a)
Bug 7551: Return error of cli_push when 'put - /some/file' is used
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 29 23:47:02 CEST 2011 on sn-devel-104
(cherry picked from commit d883cc664cac81633a60e5b04f99f23a3577ae65)
Jeremy Allison [Fri, 2 Sep 2011 22:08:42 +0000 (15:08 -0700)]
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
Jeremy Allison [Fri, 30 Sep 2011 20:35:59 +0000 (13:35 -0700)]
Fix bug #8493 - DFS breaks zip file extracting unless "follow symlinks = no" set
If a client sends a mangled name as part of a DFS path, use the
post-mangled name for the pathname walk, not the mangled name.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 1 00:45:59 CEST 2011 on sn-devel-104
(cherry picked from commit 149875f887287dbbf016d2252962b023b0bae967)
Jeremy Allison [Fri, 20 May 2011 21:43:50 +0000 (14:43 -0700)]
Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
(cherry picked from commit ccab9efb653cfacdd357986f7a8a85c17df7abbb)
Pierre Carrier [Tue, 14 Sep 2010 23:43:39 +0000 (16:43 -0700)]
Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #8186 (Allows changing the maximum number of simultaneous clients in
winbindd through an smb.conf option).
Volker Lendecke [Mon, 6 Dec 2010 20:01:35 +0000 (21:01 +0100)]
s3: Fix bug 7844: Race in winbind
If a child dies, the parent process right away closes the socket.
This is wrong, with tevent we still have events pending. This works
fine for epoll but does not for at least the FreeBSD select variant.
Tevent sticks a closed socket into the select masks. This then
returns an error EBADF. When this happens, the parent winbind dies
instead of forking a new child.
This moves the socket close from the SIGCHLD cleanup function to
the socket receiver. I could not reproduce the parent death anymore
and it did not create an obvious fd leak.
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909)
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
Jeremy Allison [Tue, 2 Aug 2011 18:49:46 +0000 (20:49 +0200)]
Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
Make SA_RESETHAND conditional on its existance.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Aug 1 22:03:45 CEST 2011 on sn-devel-104
(cherry picked from commit 0c67efdd68b9808542c090b9fd9920e4e37d85d0)
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit 0e17d8ef7e4004a0d35011c322b93b6da5811951)
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
s3:nmbd_packets: make sure create_listen_fdset() returns initialized data (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior,
so that we skipped some sockets.
Jeremy Allison [Thu, 23 Jun 2011 21:42:27 +0000 (14:42 -0700)]
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
David Disseldorp [Wed, 16 Feb 2011 16:23:25 +0000 (17:23 +0100)]
s3: increase the log level for missing PIDs on SIGCHLD
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
Michael Adam [Tue, 5 Apr 2011 21:07:01 +0000 (23:07 +0200)]
docs: fix the missing parameter description section in the smb.conf manpage
The smb.conf (5) manpage recently sometimes failed to contain the
contents of the description of each parameter section. The reason
was a unreliable chain of dependencies in the Makefile.
The error can be reproduced by touching manpages-3/smb.conf.5.xml
and then building the manpages.
Then smb.conf.5.xml is newer than any of the smbdotconf/*/*.xml
files and hence the intermediate inexistent parameters.*.xml
don't get generated.
This patch fixes this problem by introducing a phony "parameters"
target referencing the parameters.*.xml targets, so that they
get build unconditionally.
Fix bug #7997 (smb.conf.5 manpage truncated in 3.5.8).